Snort mailing list archives
RE: Question about alerts and Windows environment
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Tue, 7 Jan 2003 14:44:33 -0500
Mark,

Are you using an alert output plugin in the snort.conf file? If so, then yes, '-E' will disable this alert output. Instead, specify an alert output via the command line (e.g., '-A fast', '-A full', etc.) or, as I just found out (the hard way), the 'output alert_syslog ...' plug-in under Win32 (at least for Snort 1.8.6) sends its output to the Application Event log. You could always try this and drop the '-E' command line parameter.

Christopher

-----Original Message-----
Date: Mon, 6 Jan 2003 09:34:37 -0600
From: "Mark Scott" <Mark.Scott () mtgroup com>
Reply-To: <Mark.Scott () mtgroup com>
To: <snort-users () lists sourceforge net.>
Subject: [Snort-users] Question about alerts and Windows environment

Hi,

I am testing Snort on Windows XP and would like to be able to log alerts to the alerts file in my log directory and also in my Windows event log. Is it possible to do this? I am using the snort command line '-E' which sends it to the event log, but it stops logging to the alert file.

Thanks for any insight,
Mark